Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1766 | 1 Teozkr | 1 Lightopencms | 2018-10-10 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1843 | 1 Glenn Mcgurrin | 1 Flash Quiz | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php. | |||||
| CVE-2009-1778 | 1 Bigace | 1 Bigace Cms | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-1661 | 1 Anoldman | 1 Utopic | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | |||||
| CVE-2009-1584 | 1 R020 | 1 Tematres | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php. | |||||
| CVE-2009-1480 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. | |||||
| CVE-2009-1500 | 1 Projectcms | 1 Projectcms | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter. | |||||
| CVE-2009-1468 | 1 Icewarp | 2 Email Server, Webmail Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. | |||||
| CVE-2009-1453 | 1 Anoochit Chalothorn | 1 Tiny Blogr | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1316 | 1 Abk-soft | 1 Ablespace | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php. | |||||
| CVE-2009-1027 | 1 Opencart | 1 Opencart | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2009-0882 | 1 Roman Bogorodskiy | 1 Nforum | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php. | |||||
| CVE-2009-0851 | 1 Stewart Howe | 1 Celerbb | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. | |||||
| CVE-2009-0963 | 1 Xlinesoft | 1 Phprunner | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | |||||
| CVE-2009-0832 | 2 Ausimods, Php-fusion | 2 E-cart, Php-fusion | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. | |||||
| CVE-2009-0825 | 1 Torben Sorensen | 1 Tinx\/cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0741 | 1 Craftsilicon | 1 Banking\@home | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. | |||||
| CVE-2009-0727 | 1 Tony Iha Kazungu | 1 Taifajobs | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||||
| CVE-2009-0672 | 1 Ravenphpscripts | 1 Ravennuke | 2018-10-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php. | |||||
| CVE-2009-0730 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. | |||||